Bug 243848 - ASSERTION FAILED isBaselinePosition(preference) in WebCore::GridBaselineAlignment::updateBaselineAlignmentContext
Summary: ASSERTION FAILED isBaselinePosition(preference) in WebCore::GridBaselineAlign...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering (show other bugs)
Version: WebKit Local Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks: 116980
  Show dependency treegraph
 
Reported: 2022-08-11 14:29 PDT by Renata Hodovan
Modified: 2023-01-23 09:21 PST (History)
5 users (show)

See Also:

Attachments
Test (136 bytes, text/html)
2022-08-11 14:33 PDT, Renata Hodovan 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Renata Hodovan 2022-08-11 14:29:21 PDT 
WebKit revision: r295779
OS: Linux-5.4.0-122-generic-x86_64-with-glibc2.29
Build command: Tools/Scripts/build-webkit --gtk --debug
SUT: MiniBrowser, WebKitTestRunner
Fuzzer: Grammarinator (https://github.com/renatahodovan/grammarinator)

Test:

<style>
* {
  display : grid ;
  place-items : baseline ;
  grid-template-rows : subgrid ;
}
html {
  align-items : center ;
}
</style>


Backtrace:

ASSERTION FAILED: isBaselinePosition(preference)
/app/webkit/Source/WebCore/rendering/GridBaselineAlignment.cpp(121) : void WebCore::GridBaselineAlignment::updateBaselineAlignmentContext(WebCore::ItemPosition, unsigned int, const WebCore::RenderBox&, WebCore::GridAxis)
1   0x7f31bb9dd5e1 WTFCrash
2   0x7f31bf1d0586 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe3f586) [0x7f31bf1d0586]
3   0x7f31c47d28ca /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x64418ca) [0x7f31c47d28ca]
4   0x7f31c47f76d9 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x64666d9) [0x7f31c47f76d9]
5   0x7f31c47faaeb /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x6469aeb) [0x7f31c47faaeb]
6   0x7f31c47fa94b /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x646994b) [0x7f31c47fa94b]
7   0x7f31c497faf2 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x65eeaf2) [0x7f31c497faf2]
8   0x7f31c4980473 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x65ef473) [0x7f31c4980473]
9   0x7f31c4886b43 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x64f5b43) [0x7f31c4886b43]
10  0x7f31c4899d02 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x6508d02) [0x7f31c4899d02]
11  0x7f31c48997b5 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x65087b5) [0x7f31c48997b5]
12  0x7f31c4898c44 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x6507c44) [0x7f31c4898c44]
13  0x7f31c4886b43 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x64f5b43) [0x7f31c4886b43]
14  0x7f31c4899d02 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x6508d02) [0x7f31c4899d02]
15  0x7f31c48997b5 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x65087b5) [0x7f31c48997b5]
16  0x7f31c4898c44 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x6507c44) [0x7f31c4898c44]
17  0x7f31c4886b43 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x64f5b43) [0x7f31c4886b43]
18  0x7f31c4b0abf6 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x6779bf6) [0x7f31c4b0abf6]
19  0x7f31c4103702 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5d72702) [0x7f31c4103702]
20  0x7f31c4102eb0 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5d71eb0) [0x7f31c4102eb0]
21  0x7f31c33a4c2b /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5013c2b) [0x7f31c33a4c2b]
22  0x7f31c3ecfa21 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5b3ea21) [0x7f31c3ecfa21]
23  0x7f31c3ecf75a /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5b3e75a) [0x7f31c3ecf75a]
24  0x7f31c3ecf37b /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5b3e37b) [0x7f31c3ecf37b]
25  0x7f31c33b478c /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x502378c) [0x7f31c33b478c]
26  0x7f31c3a77443 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x56e6443) [0x7f31c3a77443]
27  0x7f31c3ab4d4c /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5723d4c) [0x7f31c3ab4d4c]
28  0x7f31c3a7c06c /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x56eb06c) [0x7f31c3a7c06c]
29  0x7f31c3a7c19c /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x56eb19c) [0x7f31c3a7c19c]
30  0x7f31c3a7aab6 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x56e9ab6) [0x7f31c3a7aab6]
31  0x7f31c3a7c1d7 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x56eb1d7) [0x7f31c3a7c1d7]
WebKitWebProcess terminated (pid 24) for reason: crash
#CRASHED - WebKitWebProcess (pid 24)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy
Comment 1 Renata Hodovan 2022-08-11 14:33:31 PDT 
Created attachment 461546 [details]
Test
Comment 2 Radar WebKit Bug Importer 2022-08-18 14:30:22 PDT 
<rdar://problem/98851021>
Comment 3 Rob Buis 2023-01-19 03:44:57 PST 
Still happens in trunk.
Comment 4 Rob Buis 2023-01-23 09:21:19 PST 
(In reply to Rob Buis from comment #3)
> Still happens in trunk.

But no crash using Release ASAN.
Comment 5 Rob Buis 2023-01-23 09:21:24 PST 
(In reply to Rob Buis from comment #3)
> Still happens in trunk.

But no crash using Release ASAN.